package com.zzt.questionbankusermanager.controller;


import com.zzt.questionbankusermanager.bean.User;
import com.zzt.questionbankusermanager.bean.common.Result;
import com.zzt.questionbankusermanager.bean.dto.UserDTO;
import com.zzt.questionbankusermanager.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.util.HtmlUtils;

import java.util.List;
import java.util.Objects;

@RestController
public class LoginController {

    @Autowired
    private UserService userService;

    @RequestMapping("/login")
    public Result login(@RequestBody UserDTO userDTO) {
        // 对 html 标签进行转义，防止 XSS 攻击
        String username = userDTO.getUsername();
        username = HtmlUtils.htmlEscape(username);

        User user=userService.findByUsername(username);
        System.out.println(user);
        if(user==null)
        {
            System.out.println("账户不存在");
            return new Result(400,"");
        }
        else if(!user.getPassword().equals(userDTO.getPassword()))
        {
            System.out.println("密码错误");
            return new Result(400,"");
        }
        else
        {
            return new Result(200,"");
        }
    }

    @RequestMapping("/sayHello")
    public String sayHello(){
        return "hello";
    }

    @RequestMapping("/findAllUserTest")
    public List<User> findAll(){
        return userService.findAll();
    }
}
